Suspected Conti Ransomware Activity in the Auto Manufacturing Sector https://www.dragos.com/blog/industry-news/suspected-conti-ransomware-activity-in-the-auto-manufacturing-sector/
Dragos
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
Dragos is observing evidence of multiple automotive manufacturers compromised by Emotet, a malware strain and a cybercrime operation.
Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms https://www.darkreading.com/attacks-breaches/russian-state-sponsored-hackers-behind-epic-trisis-attack-indicted-for-targeting-energy-firms
Dark Reading
Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms
Four Russian government employees were charged by the DoJ for attack campaigns targeting hundreds of energy sector companies and organizations in 135 countries, including the US.
Fake e‑shops on the prowl for banking credentials using Android malware https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/
WeLiveSecurity
Fake e‑shops on the prowl for banking credentials using Android malware
ESET researchers have analyzed three malicious Android apps that attempt to steal login credentials from the customers of eight Malaysian banks.
My first fuzzy finding: Busyloop in curl https://nyget.in/2022/03/28/my-first-fuzzy-finding-busyloop-in-curl/
Nygetin Paikka | The Place of the Nygetti
My first fuzzy finding: Busyloop in curl
I tend to find ways of occupying myself with new exciting things. It might be a new language I try to learn to speak (not much success there), a new instrument I try to learn to play (I have no mus…
[oss-security] Linux kernel: CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation, information leak https://lwn.net/ml/oss-security/[email protected]/
How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables https://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/
David's Blog
How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables
Analysis and exploitation of Linux kernel vulnerabilities CVE-2022-1015 and CVE-2022-1016. I talk about how I found these vulnerabilities, explain the internals of nf_tables and come up with a local privilege escalation exploitation strategy.
Rip Raw: analyse the memory of compromised Linux systems https://securityonline.info/rip-raw-analyse-the-memory-of-compromised-linux-systems/
Cybersecurity News
Rip Raw: analyse the memory of compromised Linux systems
Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor.
Defeating KASLR in modern operating systems https://medium.com/csg-govtech/defeating-kaslr-in-modern-operating-systems-f0d441c21b6c
Medium
Defeating KASLR in modern operating systems
Journey through this post to see how KASLR was previously bypassed on Windows 10, as well as tips on how to look for such bypasses.
Fuzzing Like A Caveman 6: Binary Only Snapshot Fuzzing Harness https://h0mbre.github.io/Fuzzing-Like-A-Caveman-6/
The Human Machine Interface
Fuzzing Like A Caveman 6: Binary Only Snapshot Fuzzing Harness
Introduction It’s been a while since I’ve done one of these, and one of my goals this year is to do more so here we are. A side project of mine is kind of reaching a good stopping point so I’ll have more free-time to do my own research and blog again. Looking…
Digital Forensics Basics: A Practical Guide for Kubernetes DFIR https://sysdig.com/blog/guide-kubernetes-forensics-dfir/
Complete dissection of an APK with a suspicious C2 Server https://lab52.io/blog/complete-dissection-of-an-apk-with-a-suspicious-c2-server/
CVE-2022-25372: Local Privilege Escalation in Pritunl VPN Client https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/
Rhino Security Labs
CVE-2022-25372: Local Privilege Escalation in Pritunl VPN Client
The Pritunl VPN Client service is vulnerable to an arbitrary file write as SYSTEM on Windows.
Randomizing the KUSER_SHARED_DATA Structure on Windows https://msrc-blog.microsoft.com/2022/04/05/randomizing-the-kuser_shared_data-structure-on-windows/
Analysis of CVE-2022-21882 "Win32k Window Object Type Confusion Exploit" https://www.coresecurity.com/core-labs/articles/analysis-cve-2022-21882-win32k-window-object-type-confusion-exploit
Coresecurity
Analysis of CVE-2022-21882 "Win32k Window Object Type Confusion Exploit"
This blog analyzes the “Win32k Window Object Type Confusion” that abuses the CVE-2022-21882 vulnerability. It’s based on the existing Proof of Concept (POC), which is both interesting and quite complex. It can be treated as an interactive guide to be used…
Detecting malicious artifacts using an ETW consumer in kernel mode https://www.countercraftsec.com/blog/post/detecting-malicious-artifacts-using-an-etw-consumer-in-kernel-mode/
CounterCraft
Detecting Malicious Artifacts Using an ETW Consumer in Kernel Mode
Post-exploitation tooling is becoming increasingly sophisticated and often evades detection by EDRs, meaning sometimes we will not be able to detect when an attacker is able to load his code into memory. Here's a way to detect artifacts that are already loaded…
Dirty Pipe Explained - CVE-2022-0847 https://www.hackthebox.com/blog/Dirty-Pipe-Explained-CVE-2022-0847
Hack The Box
Dirty Pipe Explained - CVE-2022-0847
On 7th March’22, security researcher Max Kellermann published the vulnerability nicknamed ‘Dirty-Pipe’ which was assigned as CVE-2022-0847. This vulnerability affects the Linux kernel.
Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms https://www.rtcsec.com/article/exploiting-cve-2022-0778-in-openssl-vs-webrtc-platforms/
Enablesecurity
Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms
Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE!